<?php
session_start();
$_SESSION['user']=$_POST['username'];


//set the values neccessary to connect to the database
$host="localhost";
$username="root";
$password="";
$db="assessmentdb";

//create the connection to the database
$connection=mysql_connect($host, $username, $password);

//select my database
$mysel=mysql_select_db($db);

//assign the values the user entered in the text box to a variable  in php
$user=$_SESSION['user'];
$pass = $_POST['password'];

//the code below will ensure that any malicious entry made will be made inactive.
$username=mysql_real_escape_string($user);
$password=mysql_real_escape_string($pass);

$check= "select username, password from user where username = '$username' and password = '$password'";

$result=mysql_query($check, $connection);

$numofrows=mysql_num_rows($result);

if ($numofrows ==1)
{
header("location:entry.php");

}
else{
header("location:../index.php");

}




?>